feat: implement comprehensive admin functionality

- Add admin role system with role and isAdmin fields to users table - Create admin_actions audit log table for tracking all admin operations - Implement admin CLI tool for user management (create, promote, demote, list, check) - Add admin authentication with role-based access control - Create admin service layer with system statistics and user management - Implement user impersonation system with proper security checks - Add admin API endpoints for user management and system statistics - Create admin dashboard UI with overview, users, and action logs - Fix admin stats endpoint and user deletion with proper foreign key handling - Add admin link to navigation bar for admin users Database: - Add role and isAdmin columns to users table - Create admin_actions table for audit trail - Migration script: add-admin-functionality.js CLI: - src/backend/scripts/admin-cli.js - Admin user management tool Backend: - src/backend/services/admin.service.js - Admin business logic - Updated auth.service.js with admin helper functions - Enhanced index.js with admin routes and middleware - Export sqlite connection from config for raw SQL operations Frontend: - src/frontend/src/routes/admin/+page.svelte - Admin dashboard - Updated api.js with adminAPI functions - Added Admin link to navigation bar Security: - Admin-only endpoints with role verification - Audit logging for all admin actions - Impersonation with 1-hour token expiration - Foreign key constraint handling for user deletion - Cannot delete self or other admins - Last admin protection
2026-01-21 09:43:56 +01:00
parent fe305310b9
commit e88537754f
10 changed files with 2314 additions and 1 deletions
--- a/src/backend/db/schema/index.js
+++ b/src/backend/db/schema/index.js
@@ -9,6 +9,8 @@ import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core';
 * @property {string|null} lotwUsername
 * @property {string|null} lotwPassword
 * @property {string|null} dclApiKey
+ * @property {string} role
+ * @property {boolean} isAdmin
 * @property {Date} createdAt
 * @property {Date} updatedAt
 */
@@ -21,6 +23,8 @@ export const users = sqliteTable('users', {
  lotwUsername: text('lotw_username'),
  lotwPassword: text('lotw_password'), // Encrypted
  dclApiKey: text('dcl_api_key'), // DCL API key for future use
+  role: text('role').notNull().default('user'), // 'user', 'admin'
+  isAdmin: integer('is_admin', { mode: 'boolean' }).notNull().default(false), // Simplified admin check
  createdAt: integer('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
  updatedAt: integer('updated_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 });
@@ -202,5 +206,24 @@ export const qsoChanges = sqliteTable('qso_changes', {
  createdAt: integer('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 });

+/**
+ * @typedef {Object} AdminAction
+ * @property {number} id
+ * @property {number} adminId
+ * @property {string} actionType
+ * @property {number|null} targetUserId
+ * @property {string|null} details
+ * @property {Date} createdAt
+ */
+
+export const adminActions = sqliteTable('admin_actions', {
+  id: integer('id').primaryKey({ autoIncrement: true }),
+  adminId: integer('admin_id').notNull().references(() => users.id),
+  actionType: text('action_type').notNull(), // 'impersonate_start', 'impersonate_stop', 'role_change', 'user_delete', etc.
+  targetUserId: integer('target_user_id').references(() => users.id),
+  details: text('details'), // JSON with additional context
+  createdAt: integer('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
+});
+
 // Export all schemas
-export const schema = { users, qsos, awards, awardProgress, syncJobs, qsoChanges };
+export const schema = { users, qsos, awards, awardProgress, syncJobs, qsoChanges, adminActions };